Types of Corporate Investigations

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight


This chapter sets out the range of case types that are covered by corporate investigators, recognising that the type of matters being investigated is often multifaceted and evolve. Shifting societal expectations advances in technology, greater information and data availability, and changes in the regulatory landscape are but a few factors driving organisations to demonstrate accountability for corporate social and environmental responsibility. The impact or influence of organisations on global climate change, social injustice, and human rights violations, or matters often referred to as environmental, social and governance (ESG) issues is increasingly subject to scrutiny. More organisations are investigating ESG related allegations, sometimes as part of wider organisational culture reviews or as matters that intersect with fraud, bribery, corruption, and other misconduct. Cyber enabled misconduct is also evolving, often overlapping with ESG matters. Following the explosion of cryptocurrencies from 2017 onwards, crypto investigations or investigations into digital, or virtual, assets are also a growing trend. The resultant broadening of the scope of in-house and external corporate investigators has exposed a need across the sector to upskill and gain specialist knowledge.

The investigation types presented in this chapter result from extensive consultation exercises, including workshops and member surveys, with over fifty corporate investigation subject matter experts across various industries and sectors in the ACi community, in the period November 2021 to March 2022. The aim of the consultation was to draft the first practitioner-led ‘investigations typology’ or classification system to help raise awareness of the breadth of case types investigated by corporate investigators. This is intended to be a first iteration, and subject to ongoing review and change. The ACi has sought to use simple and universal language, to reach broad terminology consensus. The types set out in this chapter are not intended to be a definitive list. Furthermore, they are not intended to prescribe the full case type remit of an organisation’s in-house investigations function.

Overview of investigation types

Corporate investigations can be classified in many different ways, using multiple parameters, including:

  • who commissioned the investigation, for example, regulator, organisation;
  • the law, code, standards, and principles that are alleged to have been breached;
  • the parties involved in the investigation, where the alleged perpetrator or aggrieved party is an employee, a person or entity connected with the organisation e.g. contractors, business partners, beneficiaries or customers or an unconnected ‘outsider’;
  • the department or function typically responsible for the area, HR, health and safety, security investigations; and
  • the nature of the allegation or matter reported.

Internal versus regulatory and other external oversight bodies

Most of an organisation’s investigations are normally mandated by the organisation itself, as part of its internal risk management framework. Where breaches of regulations are suspected, regulators may commission an investigation. Regulators are typically bodies established by governments to implement and enforce regulations. Examples of regulators are: the Securities and Exchange Commission (SEC) in the US, local or EU competition authority, local data privacy authority, Office of Foreign Assets Control (OFAC), Consumer Financial Protecting Bureau (CFPB).

We refer to those organisations that are obligated to implement money laundering prevention and detection as ‘the regulated sector’. The regulator for the financial services sector in the UK is the financial conduct authority (FCA).[1] Regulators may undertake the investigation themselves, assign to others or supplement an internal investigation. Organisations have an obligation to cooperate. Prosecutors, such as the serious fraud office, may also investigate and prosecute organisations.

Classification according to law, code, standards, or principles

Corporate investigators typically focus on potential breaches of or non-compliance with an organisation’s policies, procedures, processes, frameworks, code of conduct, or other internal directives governing the organisation. Internal investigation class­ification systems may adopt a typology that reflects the policy or code that has been breached. By way of example, an expenses fraud may constitute a violation of the organisation’s fraud and bribery policy as well as its code of conduct. Certain investigations may more broadly cover an organisation’s cultural failures to align with its values.

Some organisational policy violations may also constitute breaches of criminal law, for example violations of anti-trust, insider trading, sanctions, money laundering, tax evasion law, anti-bribery law, sexual offences law and data privacy. Criminal investigations are typically referred by organisations to law enforcement for investigation, and liaison between the organisation and law enforcement determines the scope of any parallel internal investigation. Organisations may also be in breach of employment law and exposed to risk of litigation.

Classification according to the parties involved in the investigation

Another approach to classification is to consider the relationships of the parties to the investigation with the organisation, as this has implications for the scope of the investigation as well as duty of care. Employees will be bound by an employment contract; an investigator can typically access their records and require them to assist or cooperate with an investigation. An organisation will not have recourse to disciplinary action in respect of third parties completely unconnected to an organisation and may therefore refer ‘outsider’ wrongdoing to external authorities for investigation or sanction. Business partners or contractors will have contractual obligations towards the organisation, however the organisation may not have the authority to directly investigate their employees for wrongdoing, depending on right of audit or investigation clauses within the contract. The organisation will need to consider the nature and extent of any duty of care to third parties connected to it, for example to customers, beneficiaries and end users of an organisation’s services.

Classification according to the internal department or function typically responsible for the area

Organisations differ in structure and allocation of investigation resources across departments. Many global organisations employ dedicated investigation teams. The remit of the team may be restricted to ‘ethics and compliance’ investigations typically, fraud, bribery, corruption and related matters or the full remit of whistleblowing investigations. Smaller organisations may not have dedicated teams or roles. Various internal departments may undertake investigations depending on the nature of the case and therefore the cases may be named after the department handling the cases. Examples include: ‘compliance investigations’, ‘human resources investigations’, security, cybersecurity, and health and safety investigations. The legal and internal audit functions may also cover investigations. It is increasingly common for internal corporate investigators to assist or lend expertise to cases which do not fall strictly within the in-house corporate investigations team remit.

ACi classification

The ACi investigations typology classifies investigations by the type of alleged wrongdoing or matter being investigated. It seeks to answer the question: ‘what types of issue are being investigated by corporate investigators’ rather than ‘who is responsible for investigating’? Accordingly the typology does not prescribe the department or function responsible for investigating each type. It assumes that the parties to an investigation, both subjects and witnesses, can be insiders or outsiders and that the type of wrongdoing investigated can amount to violations of internal policies, law, or industry code. Internal investigations functions may have created or adopted a typology system that is integrated with their case management system. The ACi typology includes ten principal categories:

  • Fraudulent practices
  • Financial misconduct and violations
  • Conflicts of interest
  • Corrupt practices
  • Fair and respectful workplace
  • Violations, failures in corporate responsibility both social and environmental
  • Cyber enabled wrongdoing
  • Security of information, data, and intellectual property
  • Security of property and physical assets
  • Health, safety and security of people

Figure 1, following, provides the ten categories with at least five subcategories each. The list of subcategories serves as examples and is not an exhaustive list. The investigations typology is designed to be used as an adaptable classification system that can inform case management or incident reporting protocols. As such the types try to reflect how incident data could be presented and analysed.

With respect to the classification of fraud, the ACi’s investigations typology focuses on ‘fraudulent practices’ rather than areas where fraud occurs like ‘procurement’, ‘payroll’ fraud, etc., or detailed examples such as ‘false sales and shipping’. The practices are designed to capture all fraud types. They broadly describe the ways that fraud can be committed: counterfeit or forgery, failure to disclose required information, manipulation, misappropriation, misrepresentation and substitution. The ACi recognises that an established classification system exists in the Association of Certified Fraud Examiners (ACFE) fraud tree and does not seek to replicate it.[2] A key difference between the fraud tree and the typology is the separation in the typology of corruption and bribery from fraud. This separation was considered important as corrupt practices do not always entail fraud and are usually reported separately in incident reporting and key performance indicators.

The investigations typology encompasses wrongdoing that falls squarely within the organisation’s contract with employees and connected parties. Fair and respectful workplace matters, as well as ESG matters that can be seen as violations of its ‘social contract’ or corporate responsibility.

Corporate investigators may investigate cases which include health and safety or security concerns, as distinct from the prevention or diagnostic activity that is carried out by others in the departments responsible for those areas.

This chapter provides a brief overview of the main categories for illustrative purposes. It is not the intention of this chapter to cover each in detail. Where applicable, the relevant chapter of the handbook is cross-referenced.

Corporate investigations typology
Fraudulent practicesFinancial misconduct and violationsConflicts of interestCorrupt practices
  • Counterfeit/forgery
  • Failure to disclose required information
  • Manipulation – data and documents (includes fabrication and obstructive practices such as tampering with or destroying information/evidence)
  • Misappropriation
  • Misrepresentation (including false statements)
  • Substitution
  • Antitrust
  • Insider dealing/market abuse
  • Misuse of funds/waste of resources
  • Money laundering
  • Sanctions – financial and trade controls
  • Tax evasion
  • Terrorist financing
  • Violations of securities laws
  • Nepotism
  • Undisclosed close personal relationships
  • Undeclared relationships with vendors/third party partners
  • Using company contracts for private purposes
  • Using company equipment and/or property for private purposes
  • Abuse of positions – various
  • Bribery
  • Blackmail
  • Collusion
  • Conspiracy
  • Extortion
  • Facilitation payments
  • Kickbacks
Fair and respectful workplaceViolations/failures in corporate responsibility and governance
  • Assault including threats of violence
  • Bullying
  • Breach of safeguarding duties/protocols
  • Discrimination
  • Inappropriate behaviour – other
  • Insubordination
  • Intoxicated at work/substance abuse
  • Misuse of IT systems for viewing/sending inappropriate content
  • Negligence
  • Obstructive practice (intimidations and retaliation)
  • Other grievance leading to alleged policy/law violation
  • Other harassment (non-sexual)
  • Retaliation
  • Sexual harassment, abuse, exploitation (on employees)
  • Stalking and cyberstalking
  • Violations of labour or working time and absenteeism
  • Victimisation
  • Worker’s right violations – other


  • Breach of waste disposal protocols
  • Carbon emissions violations
  • Environmental harm disclosures – other
  • Greenwashing
  • Overuse/misuse of natural resources in violation of policy, laws, etc.
  • Poaching
  • Suppy chain integrity concerns
  • Violations of sustainablity policy – other


  • Child labour
  • Child harm
  • Ethical trade concerns, including ethical sourcing
  • Gender and race/ethnicity inequity in pay, benefits, compensation
  • Gender-based violence
  • Human rights violations – other
  • Human trafficking
  • Inequity in pay, benefits and compensation (gender, race, ethnicity)
  • Modern slavery
  • Sexual assault (on beneficiaries, third parties)
  • Sexual exploitation (on beneficiaries, third parties)
  • Worker welfare concerns in supply chain
All cyber-dependent, enabled, assisted wrongdoingSecurity of information, data and intellectual propertySecurity of property and physical assetsHealth, safety and security of people
  • Cyberbullying
  • Cyberfraud
  • Cyberstalking
  • Cryptojacking
  • Deep fakes
  • Denial-of-service (DoS attack)
  • Digital piracy
  • Hacking, ransomware
  • Identity theft
  • Phishing
  • Social engineering
  • Spamming
  • Spyware
  • Breach of confidentiality (e.g. employees sending/sharing confidential internal information externally without authorisation or in breach of policy)
  • Counterfeiting of goods/products
  • Data loss
  • Data privacy (including excessive monitoring of employees)
  • Infingement of trademarks and copyrights, patent licence
  • Leaks to the media
  • Piracy
  • Plagarism
  • Trade controls
  • Violations of social media policy
  • Misuse of assets
  • Theft of assets, stock, etc.
  • Trespass/unauthorised access
  • Unauthorised assets in consignment
  • Unauthorised selling of company assets
  • Valdalism and destruction of company property
  • Accidents and injuries
  • Assault, including threats of violence by third parties
  • Breach/falsification of product safery standards
  • Breach of safe disposal of products
  • Breaches of health and safety protocols
  • Covid-related breaches
  • Extortion
  • Kidnap
  • Medical/accident insurance fraud
  • Occupational and mental health incidents

Figure 1: Overview of investigation types (types in italics are present in more than one category)

Fraudulent practices

Fraudulent practices can be categorised in the following sub-categories.


Counterfeiting is the act of manufacturing and distributing illegal copies or imitations of physical or digital items with the intent to deceive for monetary gain. Examples of items that are counterfeited include but are not limited to:

  • Luxury goods, branded handbags, purses, wallets, accessories etc.
  • Fashion, apparel, new designs, etc.
  • Jewellery
  • Sports goods clothing, equipment etc.
  • Toys
  • Intellectual property
  • Tobacco products
  • Medication
  • Licensed merchandise
  • Aircraft and vehicle parts
  • Electronic goods

These cases have significant economic impact across the organisation’s value chain and can distort markets.

Failure to disclose required information

Not following securities law, by not disclosing shareholding percentages above thresholds that require mandatory reporting, or not disclosing timely that board members sold large percentage of their shares.

Manipulation of data and documents, falsification, destroying evidence

Falsification of annual accounts by overstatement of revenues, understatement of expenses, improper revenue recognition, the creation of fictitious transactions, the retroactive creation of documents i.e. stock option plan or falsifying signatures or other documents.


Payroll fraud, theft of inventory assets, ‘writing-off’ receivables, skimming cash from cash registers are all examples of misappropriation of company assets.


In the healthcare industry examples of misappropriation would be the presentation of a false claim to the government for payment, e.g. billing for services not rendered, the use of a false statement to get a claim paid or making false statements to reduce the amount an organisation owes to the government.


These investigations occur where there is a false, duplicate or overbilling of an invoice or invoices, the paperwork can be easily tampered with by an internal member of staff or in collusion with a third-party vendor. Product substitution can occur where poor quality product or outdated product is substituted by a manufacturer.

Financial misconduct and violations


Regulators expect companies to compete freely in the economy. Any schemes whereby competition is hampered, such as price fixing, allocating of markets among competitors, bid rigging, abuse of market dominance such as price discrimination and loyalty inducing rebates, are violations of competition law.

Insider dealing

When employees or managers are in the possession of sensitive information that is not yet in the public domain and likely to have an impact on the share price of the organisation, then any trading, buying or selling shares, during black-out periods is a criminal offense.

Misuse of funds or waste of resources

Donors might give grants to non-governmental agencies under the condition that the grant is spent in a certain way. Misuse typically relates to funds being used in a way it was not intended.

Money laundering

Money laundering law and regulation now extends beyond the financial services sector and includes the legal sector, property sector, art sector and many others with reporting obligations under Anti Money Laundering (AML) regulation constantly expanding. Substantive offences could also apply to individuals employed within various sectors who may perform a role linked to a regulated business, e.g. concealment, disguise or transferring criminal property, failure to report suspicions of money laundering.


Sanctions law and regulation continues to expand sanctions regimes include:

  • Trade, at import or export control level, quotas, tariffs, embargoes etc.
  • Financial, at country, organisation, or individual levels.
  • Economic, at country level as a tool of foreign policy.

Tax evasion

Tax evasion is an illegal activity in which a person or entity deliberately avoids paying a true tax liability. Tax evasion often involves the set-up of non-transparent shareholder structures, trusts, holding companies etc. in offshore locations whereby the government does not know who the ultimate beneficial owners of these companies, and related profits, are.

To get more transparency on the owners of companies many countries have created registers with ultimate beneficial owners. Also, certain countries have made it a criminal offense of failure to prevent the facilitation of tax evasion.

Terrorist financing

Terrorist financing is the provision or collection of funds to finance individual terrorists or non-state actors, terrorist acts, or terrorist organisations.[3] It differs from money laundering, where the source of the funds derives from criminal activity. Terrorist financing may not involve the proceeds of crime as the source; however, the intended destination is to support terrorism.

Conflict of interest

When the private interest of an employee or manager compete with and are placed above the interest of the organisation there can be a conflict of interest. Most organisations expect that conflict of interests are disclosed and in case of conflict between individual and organisational interests, that the interest of the organisation has priority.

Conflict of interest comes in many shapes and forms.

Personnel decisions

It is of utmost importance that employees can rely on the judgment of their managers and know that any personnel decisions, hiring new colleagues, promotions, bonus grants, task assignments, job rotations, sanctions etc., are unbiased and in the best interest of the company. Otherwise, such managerial decisions will not be accepted and cause tension and grievances among colleagues.

Selection of third parties

Suppliers and other business partners are normally selected based on objective criteria; best price, high quality, excellent customer service, high technology standards and/or reliability for example. When contracts are awarded to a company that has been selected based on personal or family relationships alone, this conflict of interest can lead to poor quality service or product as well as a culture tolerant of corruption. Examples of supplier conflicts of interest include selection of companies owned or managed by a family member, or where a manager directly supervises a consulting firm where his partner is doing the work, an apparent conflict of interest exist.

Using company suppliers or business partners privately

If company suppliers or business partners are also used as a private supplier or contractor, then real or apparent conflict of interest can happen.

Use of company property for personal uses

Company cars, use of computers, mobile phone or other equipment, access to sensitive information is typically given to employees to conduct their work. Consequently, most of the company’s equipment should not be used for private purposes unless the organisation’s consent has been obtained. When employees remove sensitive information from the company’s premises or send such information to their private email address this could be interpreted as theft.

Outside employment or starting one’s own business

While working at an organisation, if an employee accepts employment with another company and/or conduct work related to their own company during working hours there is an apparent conflict of interest.

Acceptance of gifts from suppliers

Accepting gifts from suppliers or business partners may give the impression that the decision to work with this business partner is based on benefits received rather than objective criteria. Therefore, most organisations have gift policies that clearly define what kind of gifts and to what amounts can be accepted from business partners.

Corporate investigators are involved in confirming the allegations that a given employee has a real or perceived conflict of interest.

Corrupt practices

Bribery and corruption

  • Paying or receiving bribes
  • Facilitation payments
  • Giving or receiving unauthorised gifts or entertainment

More commonly known as anti-bribery and corruption (ABC) globally, the law and regulation in this area is also expanding.

In the financial services sector AML, sanction and ABC are often grouped under the financial crime heading. Financial services and many other industry sectors devote considerable resources to financial crime given the legal and regulatory consequences for breaches. In particular, systemic failings bring fines in the multi-millions increasingly with multiple regulators in different jurisdictions. Consequently, many organisations have specialised AML, sanctions and ABC investigation teams for these types of cases.

Fair and respectful workplace

Fairness in the workplace contributes to employees feeling safe and engaged in the work they produce. Being valued and treated respectfully helps to promote a positive work culture in which employees are fulfilled, loyal, engaged, and motivated to perform at their very best. Employees who do not offer respect to others are unprofessional and pose a threat to the health and success of their company.

By showing respect to each other, employees are valuing the opinions of co-workers and asking them for their ideas on various problems. This leads to increased collaboration and more creative and better solutions. A respectful working prevents favoritism, giving everyone equal opportunity to voice their ideas. This is important as it gives different types of employees the chance to participate regardless of age, gender, race, sexual orientation, or disability. By practicing respect, every employee feels equal, and all ideas are valued no matter who they come from. In respectful settings, employees can flourish when they are given the opportunity to contribute equitably.

In most organisations, offensive, intimidating, malicious or insulting behavior or misuse of power through means that undermine, humiliate, belittle, or injure other employees is not accepted.

Investigations of this type typically relate to discrimination, bullying, favouritism, stalking, sexual harassment and/or retaliation.

Environmental violations of corporate responsibility

As part of responsible business practice, organisations are expected to operate sustainably and minimize their environmental impact on stakeholders.

Violations of plastic waste disposal, carbon emissions, not following the REACH directive, contaminating water or land sites with hazardous chemicals, violations of an organisation’s sustainable policy, over or misuse of natural resources and/or wildlife poaching all can have serious financial, reputational, or criminal sanctions for organisations and could lead to serious safety issues for the stakeholders involved.

Social violations of corporate responsibility

In addition to the modern slavery act, the California Transparency in Supply Chain Act, the German Supply Chain Act (‘Lieferkettengesetz’), the Dutch Due Diligence Act, the French Duty of Vigilance Act, and the recently drafted European Corporate Sustainability Due Diligence Directive all require organisations, exceeding certain thresholds, to respect human rights and prevent or remediate child labour, child harm, human trafficking, modern slavery, violations of human rights, sexual assault, sexual exploitation or worker welfare concerns in the supply chain.


‘Cyber investigations’ refers to the investigation of cyber enabled, assisted or dependent wrongdoing. The ACi uses the popularised term ‘cyber’ as relating to computers, information technology and the internet. Cyber related wrongdoing in an organisational context comprises a widely diverse set of misconduct types that are often evolving. The examples in the ACi typology include; cyberstalking, identity theft, phishing, social engineering, spyware, ransomware, spamming, the misuse of deep fakes, to mention a few. Categorisation is used to distinguish between various related wrongdoing.

  • Cyber dependent: occurs only within cyberspace and compromises the organisation’s systems, for example hacking.
  • Cyber enabled: more traditional types of wrongdoing ‘that have been made easier by cyber technology, e.g., social engineering and identity theft.[4]
  • Cyber-assisted: wrongdoing that relies on using computers, e.g., piracy, crypto-jacking, cyber bullying.

Cyber investigations require specialist expertise, and increasingly corporate investigators are upskilling in this area to understand risks and work effectively with specialists. Further information on cyber investigations is in chapter 21.

Security of information, data, and IP

Intellectual property (IP)

Generally intellectual property falls into four categories:

  • Trademarks
  • Patents
  • Copyright
  • Design

The investigation of IP breaches is prevalent in the manufacturing and technology sectors and many others, not least the pharmaceutical industry, where organisations spend on Research and Development (R&D) is a considerable percentage of capital investment.

Trademark includes where there is a service or product that has a recognisable colour or sign and another appears to be similar in colour or size, therefore may deceive the public.

Patent investigations can find inclusive rights being impeached by others who wish to replicate your product, these investigations usually result in legal action against an individual or organisation.

Copyright investigations can be the use of a film, photograph or music used by individuals for example in promotional videos of products. The artist, writer and performer are at a financial disadvantage and miss out on royalties in the long term.


These cases form part of IP infringement and are illegally acquired:

  • Music or video downloads;
  • Films, copied or downloaded for distribution;
  • Computer games, developers and makers;
  • Books, published and e-books; and
  • Software, publishers.

These cases impact the economic well-being of actors, musicians, songwriters, performers, authors, producers, gaming developers, and the entertainment industry sector. These types of investigations can involve organised crime and cross border collaboration with the authorities.

Social media fraud

These cases relate to the organisations social media pages and the organisation members professional profiles being:

  • Duplicated or replicated
  • Accounts taken over
  • Fake profiles
  • Misrepresentations, LinkedIn etc.
  • Trolled
  • Profile stalking
  • Inappropriate posts
  • Misinformation about the person or organisation

Data privacy violations

These cases relate to all sorts of violations of data privacy law:

  • processing personal data without legal basis or explicit consent of data subjects;
  • storing or retaining personal data longer than defined in company retention policies;
  • unauthorised cross-border of personal data;
  • unauthorised access to personal data;
  • excessive monitoring, cameras, CCTV etc. and
  • inadequate technical IT Security standards to protect personal.

Security of property

Such investigation would typically cover vandalism or destruction of company property, theft of assets, unauthorised selling of company assets, misuse of company assets or unauthorised access to an organisation’s property.


  • Theft of physical property
  • Theft of intellectual property
  • Theft of proprietary data

Generally, the security departments of organisations have investigators undertaking the theft of physical property by members of the organisation.

The theft of intellectual property by a member or members of the organisation can include trade secrets. The theft of proprietary data for example source code for an in-house application or client’s lists are explored in the data case types.

Misuse of company assets

Such investigations would relate to company assets being used privately. Examples would be the use by employees, or family members of employees, of company cars for private purposes whereas the company car policy only allows the company car to be used for business purposes. Other examples would be the use of company machine or tools for private purposes without proper company authorisation.

Health, safety, and security of people

Such investigations relate to all situations where safety and health of employees are violated. Examples are physical assault, extortion, kidnapping, but also accidents, breaches of safety disposal of products, medical insurance fraud.

Legally reviewed by Anupreet Amole (Evershed Sutherland).


[1] Financial Conduct Authority. (2016). About the FCA. https://www.fca.org.uk/about/the-fca.

[2] Association of Certified Fraud Examiners. (2022). Occupational Fraud 2022: A Report to the Nations. (p. 10). https://acfepublic.s3.us-west-2.amazonaws.com/2022+Report+to+the+Nations.pdf.

[3] Adapted from the FATF definition. See Financial Action Task Force. (2016). Guidance on Criminalising Terrorist Financing. https://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-Criminalising-Terrorist-Financing.pdf.

[4] Phillips, K., Davidson, J., Farr, R., Burkhardt, C., Caneppele, S., & Aiken, M. (2022). Conceptualizing Cybercrime: Definitions, Typologies and Taxonomies. Forensic Sciences, 2(2), 379–398. https://doi.org/10.3390/forensicsci2020028.

Unlock unlimited access to all Global Investigations Review content